Change FAST Search user (FAST Search Server 2010 for SharePoint)
Applies to: FAST Search Server 2010
If you want to change the user that FAST Search Server 2010 for SharePoint is running under, follow these steps:
Stop FAST Search Server 2010 for SharePoint on all servers in the farm.
On each server in the FAST Search Server 2010 for SharePoint farm, starting with the administration server:
Note
First, follow these steps on the administration server. Then, restart the administration server before repeating the steps for the other servers in the deployment.
Add the new FAST Search user to the local FASTSearchAdministrators group. Remove the old FAST Search user.
Update the user credentials for all FAST Search Server 2010 for SharePoint Windows Services:
FASTSearchService
FASTSearchBrowserEngine
FASTSearchMonitoring
QRProxyService
FASTSearchSAMAdmin
FASTSearchSAMWorker
Open a Microsoft FAST Search Server 2010 for SharePoint shell as an administrator:
On the Start menu, click All Programs.
Click Microsoft FAST Search Server 2010 for SharePoint.
Right click Microsoft FAST Search Server 2010 for SharePoint shell and select Run as administrator.
Set the Local Security Authority (LSA) policy for the new FAST Search user:
At the command prompt, type the following command(s):
Set-LsaPolicy -AccountName <domain\user> -Privilege "SeServiceLogonRight" Set-LsaPolicy -AccountName <domain\user> -Privilege "SeAssignPrimaryTokenPrivilege" Set-LsaPolicy -AccountName <domain\user> -Privilege "SeIncreaseQuotaPrivilege"Where:
- <domain\user> is the new FAST Search user.
Set a new discretionary access control list (DACL) on ports:
At the command prompt, type the following command(s):
Set-Services -UserName <domain\user> -BasePort <baseport>Where:
<domain\user> is the new FAST Search user.
<baseport> is the base port value in etc\hostconfiguration.xml.
Grant permission to the new FAST Search user to stop and start services:
At the command prompt, navigate to the bin directory under the installation folder and type the following command(s):
.\ServiceAccessControl.exe FASTSearchMonitoring <domain\user> .\ServiceAccessControl.exe FASTSearchSAMWorker <domain\user> .\ServiceAccessControl.exe FASTSearchSAMAdmin <domain\user> .\ServiceAccessControl.exe QRProxyService <domain\user> .\ServiceAccessControl.exe FASTSearchBrowserEngine <domain\user>Where:
- <domain\user> is the new FAST Search user.
Update the reference to the user name in etc\hostconfiguration.xml.
Recreate the configuration files:
At the Windows PowerShell command prompt, type the following command(s):
Set-FASTSearchConfigurationMake sure that the new user has access to the certificates and the corresponding private keys that are used by FAST Search Server 2010 for SharePoint. Refer to Manage certificates (FAST Search Server 2010 for SharePoint) for more information.
Grant the new user full access to the FAST Search Server 2010 for SharePoint installation folder. Remove the old FAST Search user from the security description for the installation folder.
On the administration server in the FAST Search Server 2010 for SharePoint farm, perform the following additional steps:
In Internet Information Services (IIS), change the user who runs the application pool FASTSearchApplicationPool.
Restart the application pool.
In the params.xml file, under \etc\config_data\deployment\, update the user name value to reflect the new user.
Update the Query SSA on SharePoint Server.
From the SharePoint Server Central Administration home page, select Application Management > Manage Service Applications. In the list of Service Applications, highlight the name of your Query SSA. Click Properties.
Update the Account for Administration Service field.
Make sure that the security account selected for running the application pool for Search Admin Web Service is a member of the FASTSearchAdministrators group on the FAST Search Server 2010 for SharePoint administration server.
Make sure that the new FAST Search user has read and write access to the SQL Server.
Restart all servers in the FAST Search Server 2010 for SharePoint farm.